Add missing Reference count in null Device.

The pending CopyFromStagingBuffer operation didn't keep a reference to
its Buffer causing a use-after free in some cases.

BUG=chromium:976573

Change-Id: Ib53c294874d175d2a21b65676fb71e62f42619b0
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/8365
Commit-Queue: Kai Ninomiya <kainino@chromium.org>
Reviewed-by: Austin Eng <enga@chromium.org>
Reviewed-by: Kai Ninomiya <kainino@chromium.org>
This commit is contained in:
Corentin Wallez 2019-06-26 19:53:34 +00:00 committed by Commit Bot service account
parent 751252e372
commit ebcf0d31c0
2 changed files with 7 additions and 7 deletions

View File

@ -62,7 +62,7 @@ namespace dawn_native { namespace null {
}
StagingBufferBase* staging;
Buffer* destination;
Ref<Buffer> destination;
uint64_t sourceOffset;
uint64_t destinationOffset;
uint64_t size;
@ -153,7 +153,7 @@ namespace dawn_native { namespace null {
uint64_t size) {
auto operation = std::make_unique<CopyFromStagingToBufferOperation>();
operation->staging = source;
operation->destination = reinterpret_cast<Buffer*>(destination);
operation->destination = ToBackend(destination);
operation->sourceOffset = sourceOffset;
operation->destinationOffset = destinationOffset;
operation->size = size;
@ -208,9 +208,9 @@ namespace dawn_native { namespace null {
// Buffer
struct BufferMapReadOperation : PendingOperation {
struct BufferMapOperation : PendingOperation {
virtual void Execute() {
buffer->MapReadOperationCompleted(serial, ptr, isWrite);
buffer->MapOperationCompleted(serial, ptr, isWrite);
}
Ref<Buffer> buffer;
@ -240,7 +240,7 @@ namespace dawn_native { namespace null {
return {};
}
void Buffer::MapReadOperationCompleted(uint32_t serial, void* ptr, bool isWrite) {
void Buffer::MapOperationCompleted(uint32_t serial, void* ptr, bool isWrite) {
if (isWrite) {
CallMapWriteCallback(serial, DAWN_BUFFER_MAP_ASYNC_STATUS_SUCCESS, ptr, GetSize());
} else {
@ -274,7 +274,7 @@ namespace dawn_native { namespace null {
void Buffer::MapAsyncImplCommon(uint32_t serial, bool isWrite) {
ASSERT(mBackingData);
auto operation = std::make_unique<BufferMapReadOperation>();
auto operation = std::make_unique<BufferMapOperation>();
operation->buffer = this;
operation->ptr = mBackingData.get();
operation->serial = serial;

View File

@ -141,7 +141,7 @@ namespace dawn_native { namespace null {
Buffer(Device* device, const BufferDescriptor* descriptor);
~Buffer();
void MapReadOperationCompleted(uint32_t serial, void* ptr, bool isWrite);
void MapOperationCompleted(uint32_t serial, void* ptr, bool isWrite);
void CopyFromStaging(StagingBufferBase* staging,
uint64_t sourceOffset,
uint64_t destinationOffset,